Protect Yourself Against Phishing

( The recent police raids in the Nuh district of Haryana have uncovered a deep nexus of cyber criminals involved in duping people of crores of rupees. One of the biggest cyber scams these days is phishing. 

With reference to a sudden surge in the cases related to cyber-crimes in the recent past days,

here's sharing  new article by a serving Punjab Police officer Gurjot Singh Kaler- Editor )

The recent police raids in the Nuh district of Haryana have uncovered a deep nexus of cyber criminals involved in duping people of crores of rupees. One of the biggest cyber scams these days is phishing. Innumerable people have already fell victim to it. What exactly is phishing and how does one prevent oneself from such attacks is the million- dollar question that needs our immediate attention.

Phishing (pronounced: fishing) can be simply defined or described as a type of cyber-attack in which the scamsters attempt to steal the money, or the identity of the victim, by encouraging them via deception to reveal their personal information -- such as credit card numbers, One Time Passwords (OTPs), bank information, or other confidential information -- through fake websites that otherwise pretend to be trustworthy and legitimate. Cybercriminals typically employ techniques of social engineering wherein they pretend to be representatives of reputable companies, close friends, or known acquaintances in a fake message or email, which contains a link to a phishing website.

Phishing messages or content may ask for your personal or financial information, ask you to click links or download software, impersonate a reputable organization, like your bank, a social media site you use, or your workplace, impersonate someone you know, like a family member, friend, or co-worker, and such phishing messages may look exactly like an authentic message from an organization or person you trust.

Phishing seems to have become a highly popular method of cyber-crime amongst the criminals because of the effectiveness of it. Through the method of phishing, cyber criminals use emails, text messages, WhatsApp messages, direct messages on social media, or in video games to deceive and manipulate people towards disclosing their personal information.

The best defense to protect oneself against phishing is creating and spreading adequate awareness about it so that the potential victims can differentiate between what is real and what is fake.

The following are some of the best ways to identify a phishing email-

Sense of urgency – Most of the phishing emails from the cyber criminals are designed in such a way that these create a false sense of urgency to the receiver of the email. Such phishing emails or text messages typically ask the receiver to immediately click on a link or call on a specific number or open a file attached to the email. The fear of fake urgency is created by offering a reward to the user or coaxing him/her in order to avoid a severe penalty. As a result of the clever manufacturing of such fake urgency, the fraudsters are able to easily dupe the users into believing to click on these links without bothering to check if these are from an identified, authentic and a trusted source or not. It is therefore important to protect oneself against any such false sense of urgency generated. If you happen to receive any such email, it is best to take a pause and reflect carefully if it is actually from a trusted source or not.

Unknown or first-time senders – One of the common signs of phishing is receiving emails from anonymous, unknown or infrequent senders. Whenever the emails or texts with e-links are received from someone you do not recognize, it is advisable to proceed very carefully with clinical precision as these can be phishing emails and the best way to respond is to avoid clicking on them.

Grammatical errors –

Reputed companies usually have an editorial staff to ensure that the emails which are sent to employees are grammatically correct and professionally appealing in nature. If you receive an email which sounds incoherent, contains a lot of spelling mistakes and has a bad grammar, it can also be a sign of a phishing email. Many a times, it has been found that these grammatical errors are the unintended results of an improper automatic translation from a foreign language via some web-based application through Google or sometimes, these are just a deceptive trick by the scamsters to avoid the technological filters that try to block such type of cyber-attacks.

Generic Greetings – If an email comes to you with a generic greeting like “Dear sir or madam”, it should be taken as a warning sign about the authenticity of its real source of origin. This is because your bank and shopping websites with which you are dealing are expected to be aware of your name and hence, they would normally send you a personalized email or text while doing any business communication with you.

Mismatched or wrong email domains –

One of the most common tricks of cyber-criminals is to use a wrong or misspelt or mismatched email domain to commit frauds via phishing. Many a times, the email received by a user seems to have been sent from a reputable company like Microsoft or a bank, but in reality, upon careful observation, if the domain name is gmail.com or microsoftsupport.ru, then, it is probably a phishing scam to trick you to divulge your personal information. Similar examples are micros0ft.com where the second "o" has been replaced by a “0” and rnicrosoft.com where the "m" has been replaced by an "r" and a "n".

Phishing has evolved now-a-days and includes several variations that use similar techniques:

Vishing scams happen over the phone, voice email, or VoIP (voice over Internet Protocol) calls. Attackers use speech synthesis software and automated calls to solicit victims to share bank details and login credentials.

Smishing scams happen through SMS (text) messages.

Pharming scams happen when malicious code is installed on your computer to redirect you to fake websites where your login credentials are captured by scamsters.

Spear phishing: Attackers send emails to specific targets who they know have the information they need – such as everyone in the sales or IT department.

Whaling: Emails sent to senior executives such as CEOs or CFOs as part of a high-profile targeting scam.

Tips to prevent yourself from becoming a victim of phishing scams-

1) Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.

2) Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.

Remember that companies generally don’t contact you to ask for your username or password.

Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.

Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.

 Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.

Some other preventive strategies include the following -

 - Do not click on any links or open attachments from emails claiming to be from your bank or another trusted organisation and asking you to update or verify your details – just press delete. Never copy and paste links from emails; never click shortened URLs unless you trust the source. Don’t log in to WiFi networks you don’t trust.

May 22, 2023